Hacker News new | ask | show | jobs
by brian-armstrong 3528 days ago
What if you accidentally revealed a private key on the screen during the screenshot? Are you willing to forfeit 10 minutes of time to keep your SSH or whatever else uncompromised? Or are you going to trust Upwork and your client to not somehow leak it, even accidentally?
3 comments
oarsinsync 3528 days ago
> What if you accidentally revealed a private key on the screen during the screenshot?

You replace the private key with a new one that hasn't been compromised.

> Are you willing to forfeit 10 minutes of time to keep your SSH or whatever else uncompromised?

Too late, it already is.

> Or are you going to trust Upwork and your client to not somehow leak it, even accidentally?

See above. You've already leaked it, it is now compromised and needs replacing. It sucks, but if you adopt a different approach, you're risking a lot of trouble down the road. Private keys are private. The moment you leak it, accidentally or otherwise, it's no longer private and should be replaced.

link
Mithaldu 3528 days ago
I delete the segment and enter manual time with an explanation of why i did that. Manual time isn't protected by oDesk in disputes, but in that situation it's fine to use and low risk.
link
brian-armstrong 3528 days ago
That's fair. What if you didn't notice that it happened?

It seems like dealing with checking for sensitive onscreen information every 10 minutes could be kind of flow-destroying.

link
Mithaldu 3528 days ago
There's a fairly noticable popup, that you can also configure to make a sound; and if you're really worried you can review the screenshots in your work diary at the end of the day.
link
cobby 3528 days ago
As far as I know all screenshots are available for clients right away.
link
Whachadoo 3528 days ago
I believe it gives you something like 10 seconds to click "delete" before it uploads it, but even then you can click the screenshot from the Upwork client and it'll take you to the work schedule where you can then delete it (removing the time worked / money paid for those 10 minutes).
link
rmc 3528 days ago
Or what if you view personal information? Under data protection law, would that could as a data breech?
link
Mithaldu 3527 days ago
If you're dealing with personal information you should always handle with conscious care and ensure it is only handled in a way that no data breaches are possible. This does include notifying your client that you'll be doing manual time for a task, or doing it on different hardware.
link